Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Air Traffic Control Systems Vulnerabilities Could Make for Unfriendly Skies [Black Hat]

Researcher Andrei Costin discusses the security challenges facing ADS-B technology and how attackers can spoof air traffic signals.

The skies may not be as friendly as some people think.

Researcher Andrei Costin discusses the security challenges facing ADS-B technology and how attackers can spoof air traffic signals.

The skies may not be as friendly as some people think.

In a talk at the Black Hat USA conference, security researcher Andrei Costin discussed the possibility of spoofing signals to air traffic control systems in attacks – all courtesy of roughly $1,000 worth of equipment. After his presentation, he sat down with SecurityWeek and revealed more details of how attackers could exploit weaknesses in the Automatic Dependent Surveillance-Broadcast (ADS-B) technology.

Hacking Air Traffic Control SystemsCostin, who is a PhD candidate at Eurecom – a research institute in France – said that the security issues he talked about in his presentation have been known for a while, though no one had actually demonstrated them. The weaknesses he demonstrated could potentially have large future implications, as the U.S. has mandated that the majority of aircraft operating within its airspace to be equipped with some form of ADS-B Out by 2020.

“Our intent was to make a practical demonstration of the attack, [with] the idea that the right people see the easiness and the cheapness of the attack so they can fix it now before they have the potential of a user can do the same thing,” he said.

To launch the attack, he used software-defined radio, which he said could be purchased for around $1,000. He also used an ADS-B receiver in order to verify the spoofed messages were being accepted. Because there is no encryption or authentication mechanism protecting ADS-B messages, the information can be intercepted and spoofed by attackers. For example, the attacker could mount a replay attack, intercepting packets with flight information in the air and then replaying them back to a targeted system.

“It is impossible to verify that the message is a real one or a spoof, and that it comes from a legitimate aircraft or device,” he said. “It’s an architecture issue…the protocol and the messages have to be improved in order to support authentication and encryption.”

This could have safety as well as privacy concerns, because an attacker could determine the location for example of a private jet. Though it is possible to use filed flight plans to rule out a spoofed signal indicating a plane is at a particular place that becomes difficult if there are a large number of planes involved, Costin explained.

He said he is unaware of any attacks like this taking place in the wild, though he speculated that it would be just a matter of time before it happened.

Advertisement. Scroll to continue reading.

“The complexity I would say is medium,” noting that acquiring the necessary hardware is simple, but the attacker would need to have some knowledge of digital signal processing.

In a statement released to the media, the Federal Aviation Administration said it conducts ongoing assessments of ADS-B vulnerabilities and has a “security action plan” that mitigates risk. The agency also stated that it monitors the “progress of corrective action,” and plans to maintain about half of the current network of secondary radars as a backup to ADS-B in the event it is needed. Costin however, was more skeptical of the situation.

“The main mitigation that is currently helping is that they don’t use [ADS-B] as a primary…radar,” he said.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.